![]() ![]() ![]() In today’s post, we discussed a reflected Cross-Site Scripting (XSS) vulnerability in Download Manager. If an attacker were able to trick an administrator into clicking a link that has been designed to send session cookies to the attacker, add a malicious administrator account, or implement a backdoor on the website, the attacker would also have free reign in the administrator panel, giving them the ability to modify checkout settings and even add fake products to the website. In the case of Download Manager, customer information and access to digital products would both be at risk. If the attacker gains this access, they would have access to the same information the administrator would be able to access, including user details and customer information. More specialized attackers would use this capability to gain administrator access or add a backdoor and take over the site. Even an unsophisticated attacker could hijack the form and use it to trick a site administrator into unknowingly disclosing sensitive information, or to collect cookie values. Without proper sanitization and escaping in place on user-supplied inputs, JavaScript can be used to manipulate the page. This is because the ‘ frameid’ parameter was echoed to the page without sufficient user input validation. Unfortunately, insufficient input sanitization and output escaping on the $_REQUEST parameter found in the ~/src/Package/views/shortcode-iframe.php file of the Download Manager plugin made it possible for an attacker to run arbitrary code in a victim’s browser by getting them to click on a specially crafted URL. Secure coding practices would include checks to sanitize the input received by the page, and escaping that code on the output to ensure that only approved inputs and outputs are presented. This function was found to be vulnerable to reflected Cross-Site Scripting. One feature of the plugin is the ability to use a shortcode to embed files and other assets in a page or post. ![]() The plugin also provides a complete solution to sell digital products from WordPress sites, including checkout functionality to complete an order. Description: Reflected Cross-Site ScriptingĬVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:Nĭownload Manager is a file and document management plugin to help manage and control file downloads with various file download controls to restrict unauthorized file access. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |